package com.backend.teamapi.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {



    // 配置 BCryptPasswordEncoder，用于密码加密
    @Primary
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

        // 配置 SecurityFilterChain，放行所有请求，禁用登录认证
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable()  // 关闭 CSRF（表单保护）
            .authorizeHttpRequests()
            .anyRequest().permitAll()  // 放行所有请求
            .and()
            .formLogin().disable();  // 禁用默认登录表单

        return http.build();
    }
}